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Abstract. We study shedding in the setting of data linkage dynamics, 
a simple model of computation that bears on the use of dynamic data 
structures in programming. Shedding is complementary to garbage col- 
lection. With shedding, each time a link to a data object is updated by 
a program, it is determined whether or not the link will possibly be used 
once again by the program, and if not the link is automatically removed. 
Thus, everything is made garbage as soon as it can be viewed as garbage. 
By that, the effectiveness of garbage collection becomes maximal. 
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1 Introduction 

This paper is a sequel to [9], In that paper, we presented an algebra, called data 
linkage algebra, of which the elements are intended for modelling the states of 
computations in which dynamic data structures are involved. We also presented 
a simple model of computation, called data linkage dynamics, in which states of 
computations are modelled as elements of data linkage algebra and state changes 
take place by means of certain actions. Data linkage dynamics includes the fol- 
lowing features to reclaim garbage: full garbage collection, restricted garbage 
collection (as if reference counts are used), safe disposal of potential garbage, 
and unsafe disposal of potential garbage. 

In the current paper, we add shedding to the features of data linkage dy- 
namics. This feature is complementary to the garbage collection features of data 
linkage dynamics. Roughly speaking, shedding works as follows: each time a link 
to a data object is updated by a program, it is determined whether or not the 
link will possibly be used once again by the program, and if not the link is au- 
tomatically removed. In this way, everything is made garbage as soon as it can 
be taken for garbage. The point of shedding is that by this, the effectiveness of 
garbage collection becomes maximal. 

In the sixties of the previous century, when the first list-processing languages 
came up, three basic garbage collection techniques have been proposed: reference 
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counting (see e.g. [15,12]), marking (see e.g. [21,24]), and copying (see e.g. [22, 
14]). The garbage collection techniques that have been proposed in the seventies 
and eighties of the previous century are mainly incremental and parallel variants 
of the three basic techniques (sec e.g. [4,20] and [28, 19, 13], respectively), which 
are intended to avoid substantial interruption due to garbage collection, and 
conservative and tag- free variants of the three basic techniques (see e.g. [11] 
and [2, 16], respectively), which are intended to perform garbage collection more 
efficient. All the garbage collection techniques proposed in those times collect 
only data objects that are no longer reachable by a series of links. In the next 
paragraph, we will use the term "standard garbage collection techniques" to 
refer to this group of garbage collection techniques. 

Owing to the growing use of dynamic data structures in programming, the 
effectiveness of garbage collection techniques becomes increasingly more impor- 
tant since the nineties of the previous century. It has been confirmed by recent 
empirical studies that standard garbage collection techniques actually leave a 
lot of garbage uncollected (see e.g. [25,26,17]). For the greater part, recently 
proposed garbage collection techniques that are intended to be more effective 
than standard garbage collection techniques turn out to make use of approxi- 
mations of shedding. The approximations are obtained by means of information 
about future uses of links coming from static program analysis. The information 
is either directly provided to an adapted standard garbage collector (see e.g. [1]) 
or used to transform the program in question such that data objects become 
unreachable as soon as some safety property holds according to the information 
(see e.g. [27,18]). In the latter case, the safety property used differs from one 
proposal to another, can in all cases be improved by taking into account that 
the number of data objects that can exist at the same time is bounded, and is 
in all cases at best weakly justified by a precise semantics of the programming 
language supposed to be used. 

Our study of shedding arises from the work on "nullifying dead links" pre- 
sented in [18]. That work concerns the removal of links that will not possibly 
be used once again by means of static program analysis and program transfor- 
mation. In our study of shedding, different from the study in [18], the semantic 
effects of the fact that the number of data objects that can exist at the same 
time is always bounded are taken into account. 

The view is taken that the behaviours exhibited by programs on execution are 
threads as considered in basic thread algebra. 1 A thread proceeds by performing 
actions in a sequential fashion. A thread may perform an action for the purpose 
of interacting with a service that takes the action as a command to be processed. 
The processing of the action results in a state change and a reply. In the setting 
of basic thread algebra, the use mechanism has been introduced to allow for this 
kind of interaction. The state changes and replies that result from performing 
the actions of data linkage dynamics can be achieved by means of a service. 

1 In [7], basic thread algebra is introduced under the name basic polarized process 
algebra. Prompted by the development of thread algebra [8], which is a design on 
top of it, basic polarized process algebra has been renamed to basic thread algebra. 
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In [9] , it was explained how basic thread algebra can be combined with data 
linkage dynamics by means of the use mechanism in such a way that the whole 
can be used for studying issues concerning the use of dynamic data structures in 
programming. For a clear apprehension of data linkage dynamics as presented 
in that paper, such a combination is not needed. This is different for shedding, 
because it cannot be explained without reference to program behaviours. In 
the current paper, we adapt the data linkage dynamics services involved in the 
combination described in [9] to explain shedding. For the adapted data link- 
age dynamics services, shedding happens to be a matter close to reflection on 
themselves. Moreover, the adapted data linkage dynamics services are services 
of which the state changes and replies may depend on how the thread that per- 
forms the actions being processed will proceed. That is why we also introduce a 
generalization of the use mechanism to such forecasting services. 

This paper is organized as follows. First, we review data linkage algebra, 
data linkage dynamics and basic thread algebra (Sections 2, 3, and 4). Next, 
we present the use mechanism for forecasting services and explain how basic 
thread algebra can be combined with data linkage dynamics by means of that 
use mechanism (Sections 5 and 6). After that, we introduce the shedding feature 
and adapt the data linkage dynamics services involved in the combination de- 
scribed before such that they support shedding (Sections 7, 8, and 9). Then, we 
illustrate shedding by means of some examples (Section 10). Finally, we make 
some concluding remarks (Section 11). 

2 Data Linkage Algebra 

In this section, we review the algebraic theory DLA (Data Linkage Algebra). The 
elements of the initial algebra of DLA can serve for the states of computations 
in which dynamic data structures are involved. 

In DLA, it is assumed that a fixed but arbitrary finite set Spot of spots, a 
fixed but arbitrary finite set Field of fields, a fixed but arbitrary finite set AtObj 
of atomic objects, and a fixed but arbitrary finite set Value of values have been 
given. 

DLA has one sort: the sort DL of data linkages. To build terms of sort DL, 
BTA has the following constants and operators: 

— for each s G Spot and a G AtObj, the spot link constant -A a : DL; 

— for each a G AtObj and / G Field, the partial field link constant a -A : DL; 

— for each a, b G AtObj and / G Field, the field link constant a — > b : DL; 

— for each a G AtObj and n G Value, the value association constant (a) n : DL; 

— the empty data linkage constant : DL; 

— the binary data linkage combination operator © : DL x DL — > DL; 

— the binary data linkage overriding combination operator ®':DLxDL — > DL. 

Terms of sort DL are built as usual. Throughout the paper, we assume that 
there arc infinitely many variables of sort DL, including X, Y, Z. We use infix 
notation for data linkage combination and data linkage overriding combination. 
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Let L and V be closed DLA terms. Then the constants and operators of 
DLA can be explained as follows: 

- A a is the atomic data linkage that consists of a link via spot s to atomic 
object a; 

- a — > is the atomic data linkage that consists of a partial link from atomic 
object a via field /; 

- a b is the atomic data linkage that consists of a link from atomic object a 
via field / to atomic object 6; 

- (a) n is the atomic data linkage that consists of an association of the value n 
with atomic object a; 

- is the data linkage that does not contain any atomic data linkage; 

- L (B L' is the union of the data linkages L and L'; 

- L ©' V differs from L ffi V as follows: 

• if L contains spot links via spot s and L' contains spot links via spot s, 
then the former links are overridden by the latter ones; 

• if L contains partial field links and/or field links from atomic object a via 
field / and L' contains partial field links and/or field links from atomic 
object a via field /, then the former partial field links and/or field links 
are overridden by the latter ones; 

• if L contains value associations with atomic object a and L' contains 
value associations with atomic object a, then the former value associa- 
tions are overridden by the latter ones. 

The axioms of DLA are given in Table 1. In this table, s and t stand for 
arbitrary spots from Spot, / and g stand for arbitrary fields from Field, a, b, c 
and d stand for arbitrary atomic objects from AtObj, and n and m stand for 
arbitrary values from Value. 

The set B of basic terms over DLA is inductively defined by the following 
rules: 

- 0g£; 

- if s E Spot and a G AtObj, then Ao6 6; 

- if a e AtObj and / 6 Field, then e B; 

- it a, be AtObj and / e Field, then a-UbeB; 

- if a E AtObj and n G Value, then (a)„ € £>; 

- if Lx, L 2 S B, then L 1 ®L 2 E B. 

Theorem 1. For all closed DLA terms L, there exists a basic term L' E B such 
that L — L' is derivable from the axioms o/DLA. 

Proof. See Theorem 1 in [9]. 

We are only interested in the initial model of DLA. We write T>C for the 
set of all elements of the initial model of DLA. DC consists of the equivalence 
classes of basic terms over DLA with respect to the equivalence induced by the 
axioms of DLA. In other words, modulo equivalence, B is DC. Henceforth, we 
will identify basic terms over DLA and their equivalence classes. 
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Table 1. Axioms of DLA 
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A a)) ffi' (6)„ = (X ffi' (6)„)e (A a) 
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a A 6)) ffi' (c)„ = (X ffi' (c)„) ffi (a A 6) 
a)„) ffi' (6) m = (X ffi' (6) m ) (a)„ ifa^fe 
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if a/cV / 
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3 Data Linkage Dynamics 

DLD (Data Linkage Dynamics) is a simple model of computation that bears 
on the use of dynamic data structures in programming. It comprises states, 
basic actions, and the state changes and replies that result from performing the 
basic actions. The states of DLD are data linkages. In this section, we give an 
informal explanation of the basic actions of DLD to structure data dynamically. 
The basic actions of DLD to deal with values found in dynamically structured 
data, as well as some actions related to reclaiming garbage, are not explained. 
For a comprehensive presentation of DLD, the reader is referred to [9]. 
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Like in DLA, it is assumed that a fixed but arbitrary finite set Spot of spots, 
a fixed but arbitrary finite set Field of fields, and a fixed but arbitrary finite 
set AtObj of atomic objects have been given. It is also assumed that a fixed 
but arbitrary choice function ch : ('P(AtObj) \ 0) — >• AtObj such that, for all 
A G 'P(AtObj) \ 0, ch(A) G A has been given. The function ch is used whenever 
a fresh atomic object must be obtained. 

Below, we will informally explain the features of DLD to structure data 
dynamically. When speaking informally about a state L of DLD, we say: 

— if there exists a unique atomic object a for which -A a is contained in L, 
the content of spot s instead of the unique atomic object a for which A a is 
contained in L; 

— the fields of atomic object a instead of the set of all fields / such that either 

f f 
a is contained in L or there exists an atomic object b such that a -A b is 

contained in L; 

— if there exists a unique atomic object b for which a — * b is contained in L, 
the content of field f of atomic object a instead of the unique atomic object 
b for which a b is contained in L. 

In the case where the uniqueness condition is met, the spot or field concerned is 
called locally deterministic. 

DLD has the following basic actions to structure data dynamically: 

— for each s G Spot, a get fresh atomic object action s !; 

— for each s, t G Spot, a set spot action s = t; 

— for each s G Spot, a clear spot action s = *; 

— for each s, t € Spot, an equality test action s == t; 

— for each s G Spot, an undefinedness test action s == *; 

— for each s G Spot and / G Field, a add field action s/f; 

— for each s G Spot and / G Field, a remove field action s\f; 

— for each s G Spot and / G Field, a has field action s\f; 

— for each s,t G Spot and / G Field, a set field action s.f = t; 

— for each s G Spot and / G Field, a clear field action s.f = *; 

— for each s,t £ Spot and / G Field, a get field action s = t.f. 

If only locally deterministic spots and fields are involved, these actions can 
be explained as follows: 

— s\: if a fresh atomic object can be allocated, then the content of spot s 
becomes that fresh atomic object and the reply is T; otherwise, nothing 
changes and the reply is F; 

— s = t: the content of spot s becomes the same as the content of spot t and 
the reply is T; 

— s — *: the content of spot s becomes undefined and the reply is T; 

— s == t: if the content of spot s equals the content of spot t, then nothing 
changes and the reply is T; otherwise, nothing changes and the reply is F; 

— s == *: if the content of spot s is undefined, then nothing changes and the 
reply is T; otherwise, nothing changes and the reply is F; 
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— s/f: if the content of spot s is an atomic object and / does not yet belong 
to the fields of that atomic object, then / is added (with undefined content) 
to the fields of that atomic object and the reply is T; otherwise, nothing 
changes and the reply is F; 

— s\f: if the content of spot s is an atomic object and / belongs to the fields of 
that atomic object, then / is removed from the fields of that atomic object 
and the reply is T; otherwise, nothing changes and the reply is F; 

— s | /: if the content of spot s is an atomic object and / belongs to the fields 
of that atomic object, then nothing changes and the reply is T; otherwise, 
nothing changes and the reply is F; 

— s.f — t: if the content of spot s is an atomic object and / belongs to the 
fields of that atomic object, then the content of that field becomes the same 
as the content of spot t and the reply is T; otherwise, nothing changes and 
the reply is F; 

— s.f = *: if the content of spot s is an atomic object and / belongs to the 
fields of that atomic object, then the content of that field becomes undefined 
and the reply is T; otherwise, nothing changes and the reply is F; 

— s = t.f: if the content of spot t is an atomic object and / belongs to the 
fields of that atomic object, then the content of spot s becomes the same as 
the content of that field and the reply is T; otherwise, nothing changes and 
the reply is F. 

In the explanation given above, wherever we say that the content of a spot or field 
becomes the same as the content of another spot or field, this is meant to imply 
that the former content becomes undefined if the latter content is undefined. 
If not only locally deterministic spots and fields are involved in performing an 
action, there is no state change and the reply is F. 

Atomic objects that are not reachable via spots and fields can be reclaimed. 
Reclamation of unreachable atomic objects is relevant because the set AtObj of 
atomic objects is finite. In [9], we introduce various ways to achieve reclama- 
tion of unreachable atomic objects. In this section, we mention only one of the 
reclamation-related actions: the full garbage collection action fgc. By performing 
this action, all unreachable atomic objects are reclaimed. The reply that results 
from performing this action is always T. 

We write ^4dld for the set of all basic actions of DLD. 

In [9] , we describe the state changes and replies that result from performing 
the basic actions of DLD by means of a term rewrite system with rule priori- 
ties [3] . For that purpose, a unary effect operator eff a and a unary yield operator 
yld a are introduced for each basic action a G ^4dld- The intuition is that these 
operators stand for operations that give, for each state L, the state and reply, 
respectively, that result from performing basic action a in state L. 

4 Basic Thread Algebra 

In this section, we review the algebraic theory BTA (Basic Thread Algebra), a 
form of process algebra which is tailored to the description and analysis of the 
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Table 2. Axiom of BTA 



x <tau > y = x <tau > x Tl 



behaviours of sequential programs under execution. The behaviours concerned 
are called threads. 

In BTA, it is assumed that a fixed but arbitrary finite set A of basic actions, 
with tau ^ A, has been given. We write .4 tau for _4.U{tau}. The members of -4 tau 
are referred to as actions. 

Threads proceed by performing actions in a sequential fashion. Each basic 
action performed by a thread is taken as a command to be processed by some 
service provided by the execution environment of the thread. The processing of a 
command may involve a change of state of the service concerned. At completion 
of the processing of the command, the service returns a reply value T or F to 
the thread concerned. 

BTA has one sort: the sort T of threads. To build terms of sort T, BTA has 
the following constants and operators: 

— the deadlock constant D : T; 

— the termination constant S : T; 

— for each a G Aau, the binary postconditional composition operator _ <a> 
.:TxT->T. 

Terms of sort T are built as usual (see e.g. [29,23]). Throughout the paper, we 
assume that there are infinitely many variables of sort T, including x,y,z. 

We use infix notation for postconditional composition. We introduce action 
prefixing as an abbreviation: a o p, where p is a term of sort T, abbreviates 
p < a > p. 

Let p and q be closed terms of sort T and a G -4tau- Then p < a\> q will 
perform action a, and after that proceed as p if the processing of a leads to the 
reply T (called a positive reply), and proceed as q if the processing of a leads 
to the reply F (called a negative reply). The action tau plays a special role. It 
is a concrete internal action: performing tau will never lead to a state change 
and always lead to a positive reply, but notwithstanding all that its presence 
matters. 

BTA has only one axiom. This axiom is given in Table 2. 

Each closed BTA term of sort T denotes a finite thread, i.e. a thread of which 
the length of the sequences of actions that it can perform is bounded. Guarded 
recursive specifications give rise to infinite threads. 

A guarded recursive specification over BTA is a set of recursion equations 
E = {X = px | X G V}, where V is a set of variables of sort T and each px 
is a term of the form D, S or p <a> q with p and q BTA terms of sort T that 
contain only variables from V. We write V(E) for the set of all variables that 
occur on the left-hand side of an equation in E. We are only interested in models 
of BTA in which guarded recursive specifications have unique solutions, such as 
the projective limit model of BTA presented in [5] . 
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Table 3. Axioms for guarded recursion 



(X\E) = (t x \E) if X = t x £ E RDP 
E => X = (X\E) if X e V(E) RSP 



We extend BTA with guarded recursion by adding constants for solutions 
of guarded recursive specifications and axioms concerning these additional con- 
stants. For each guarded recursive specification E and each X G V(E), we add a 
constant of sort T standing for the unique solution of E for X to the constants 
of BTA. The constant standing for the unique solution of E for X is denoted by 
(X\E). Moreover, we add the axioms for guarded recursion given in Table 3 to 
BTA, where we write {tx\E) for tx with, for all Y G V(£ l ), all occurrences of 
Y in tx replaced by (Y\E). 2 In this table, X, tx and E stand for an arbitrary 
variable of sort T, an arbitrary BTA term of sort T and an arbitrary guarded 
recursive specification over BTA, respectively. Side conditions are added to re- 
strict the variables, terms and guarded recursive specifications for which X 7 t x 
and E stand. 

Henceforth, we write BTA+REC for BTA extended with the constants for so- 
lutions of guarded recursive specifications and axioms RDP and RSP. Moreover, 
we write T for the set of all closed terms of BTA+REC. 

In the following definition, the interpretation of a postconditional composi- 
tion operator in a model of BTA+REC is denoted by the operator itself. Let DJl 
be some model of BTA+REC, and let p be an element from the domain of 3JI. 
Then the set of residual threads of p, written Res(p), is inductively defined as 
follows: 

— p G Res(p); 

— if<7<ja>rG Res(p), then q G Res(p) and r G Res(p). 

We say that p is regular if Res(p) is finite. 

We are only interested in models of BTA+REC in which the solution of a 
guarded recursive specification E over BTA is regular if and only if E is finite, 
such as the projective limit model presented in [5]. Par abus de langage, a closed 
term of BTA+REC without occurrences of constants (X\E) for infinite E will 
henceforth be called a regular thread. 

5 A Use Mechanism for Forecasting Services 

A thread may perform an action for the purpose of interacting with a service 
that takes the action as a command to be processed. The processing of the action 
may involve a change of state of the service and at completion of the processing 
of the action the service returns a reply value to the thread. In this section, we 
introduce a mechanism that is concerned with this kind of interaction. It is a 

2 Throughout the paper, we use the symbol =>• for implication. 
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generalization of the use mechanism introduced in [9] to forecasting services. A 
forecasting service is a service of which the state changes and replies may depend 
on how the thread that performs the actions being processed will proceed. 

It is assumed that a fixed but arbitrary finite set T of foci and a fixed but 
arbitrary finite set M of methods have been given. Each focus plays the role 
of a name of some service provided by an execution environment that can be 
requested to process a command. Each method plays the role of a command 
proper. For the set A of actions, we take the set {f.m f G T, m G M}. 
Performing an action f.m is taken as making a request to the service named / 
to process command m. 

Recall that T stands for the set of all closed terms of BTA+REC. 

A forecasting service H consists of 

— a set S of states; 

— an effect function eff : M x S x T — > S; 

— a yield function yld : M x S x T -> {T, F, B}; 

— an initial state so g S; 

satisfying the following conditions: 

3seS«Vme M,p € T • 

(yld(m, s,p) = B A W e S • (yld(m, s',p) = B => eff(m, s',p) = s)) , 

Vs £ S,m,m' e M,f e F,p,q €T • 
(yld(m, s, S) = B A yld(m, s, D) = B A 

yld(m, s, tau op) = BA(m^m'4 yld(m, s,p< f.m' >q) = B)) . 

The set 5 contains the states in which the services may be, and the functions 
eff and yld give, for each method m, state s and thread p, the state and reply, 
respectively, that result from processing m in state s if p is the thread that makes 
the request to process m. In certain states, requests to process certain methods 
may be rejected. B, which stands for blocked, is used to indicate this. 

Given a forecasting service H = (S 1 , eff, yld,So), a method m G M. and a 
thread p G T: 

— the derived service of H after processing m in the context of p, written 
-^H[p], is the forecasting service (S, eff , yld, eff (m, so,p)); 

— the reply of H after processing m in the context of p, written H[p](m), is 
yld(m,s ,p). 

A forecasting service H = (S, eff, yld, so) can be understood as follows: 

— if thread p makes a request to the service to process m and H[p](m) ^ B, 
then the request is accepted, the reply is H[p]{m), and the service proceeds 

— if thread p makes a request to the service to process m and H[p](m) = B, 
then the request is rejected. 
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Table 4. Axioms for use operators 



S // H = S TSUI 

D I) H = D TSU2 

(tau op) l s H = tauo (p/ f H) TSU3 

(p<g.m>q)/ f H = (p/ f H)<g.m>(q/ f H) if / ? g TSU4 

(p<f.m>q)/ f H = tauo (p/f £-H[p < f.m> g]) \f H [p <\ f .m > q](m) = T TSU5 

(p<f.m>q)/fH = tauo(g/ / ^H[p < /.m > g]) if tf[p < /.m > g](m) = F TSU6 

(p < /.m >q)/ f H = D if H[p < /.m > g](m) = B TSU7 



By the first condition on forecasting services, after a request has been rejected 
by the service, it gets into a state in which any request will be rejected. By the 
second condition on forecasting services, any request that does not correspond 
to the action being performed by thread p is rejected. 

In the case of a forecasting service H = (S, eff, yld,so), the derived service 
and reply that result from processing a method may depend on how the thread 
that makes the request to process that method will proceed. Hence the name 
forecasting service. Henceforth, we will omit the qualification forecasting if no 
confusion can arise with other kinds of services. 

We introduce yet another sort: the sort S of services. However, we will not 
introduce constants and operators to build terms of this sort. We demand that 
the interpretation of the sort S in a model is a set TS of forecasting services 
such that for all H G J-S, -J^H\p] G J-S for each m G M. and peT. 

We introduce the following additional operators: 

— for each / G T, the binary use operator _//_:Tx S — > T. 

We use infix notation for the use operators. 

Intuitively, p / f H is the thread that results from processing all actions per- 
formed by thread p that are of the form f.m by service H . When an action of 
the form f.m performed by thread p is processed by service H, that action is 
turned into the internal action tau and postconditional composition is removed 
in favour of action prefixing on the basis of the reply value produced. In previous 
work, we sometimes opted for the alternative to conceal the processed actions 
completely. However, we experienced repeatedly in cases where this alternative 
appeared to be appropriate at first that it turned out to impede progress later. 

The axioms for the use operators are given in Table 4. In this table, / and g 
stand for arbitrary foci from J 7 , m stands for an arbitrary method from A4, and p 
and q stand for arbitrary closed terms of sort T. H ranges over the interpretation 
of sort S. Axioms TSU3 and TSU4 express that the action tau and actions of 
the form g.m, where f ^ g, are not processed. Axioms TSU5 and TSU6 express 
that a thread is affected by a service as described above when an action of the 
form f.m is processed by the service. Axiom TSU7 expresses that deadlock takes 
place when an action to be processed is not accepted. 

Henceforth, we write BTA use for BTA, taking the set {f.m | / G J-, m G M.} 
for A, extended with the use operators and the axioms from Table 4. 
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Table 5. Definition of effect and yield functions for DLD 



eff(m,L,p<f.m>q) 
eff{m,L,p<f.m>q) 

yld(m, L,p < f.rn > g) 
yld(m, L,p < f.m > g) 



effm(L) 
t 



yld m {L) 



B 



if m € .4dld 
if m j4dld 



if m € j4dld 
if m ^ Auhu 



yld(m, L, p) = B => ejf (m, L, p) = t 



The use mechanism introduced in [8] deals in essence with forecasting services 
of which: 

— the set of states is the set of all sequences with elements from M; 

— the derived service and reply that result from processing a method do not 
depend on how the thread that makes the request to process that method 
will proceed. 

For these services, the use mechanism introduced in this section coincides with 
the use mechanism introduced in [8]. The architecture-dependent services con- 
sidered in [6] can be looked upon as simple forecasting services. 

6 Thread Algebra and Data Linkage Dynamics Combined 

The state changes and replies that result from performing the actions of data 
linkage dynamics can be achieved by means of services. In this short section, we 
explain how basic thread algebra can be combined with data linkage dynamics 
by means of the use mechanism introduced in Section 5 such that the whole 
can be used for studying issues concerning the use of dynamic data structures 
in programming. The services involved do not have a forecasting nature. The 
adapted services needed to deal with shedding, which are described in Section 9, 
have a forecasting nature. 

Recall that VC stands for the set of all elements of the initial model of DLA, 
and recall that, for each a € ^4dld, eff a and yld a stand for unary operations 
on VC that give, for L £ VC, the state and reply, respectively, that result from 
performing basic action a in state L. It is assumed that a blocking state | ^ T)C 
has been given. 

Take M such that ,4dld C M. Moreover, let L G VC U {!}• Then the data 
linkage dynamics service with initial state L, written VCV(L), is the service 
(VC U {t}, eff, yld,L), where the functions eff and yld are the effect and yield 
functions satisfying the (unconditional and conditional) equations in Table 5. 
Notice that, because of the conditions imposed on forecasting services in Sec- 
tion 5, these equations characterize the effect and yield functions uniquely. 

By means of threads and the data linkage dynamics services introduced 
above, we can give a precise picture of computations in which dynamic data 
structures are involved. Examples of such computations can be found in [9]. 
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The combination of basic thread algebra and data linkage dynamics by means 
of the use mechanism can be used for studying issues concerning the use of 
dynamic data structures in programming at the level of program behaviours. A 
hierarchy of simple program notations rooted in PGA is presented in [7] . Included 
are program notations which are close to existing assembly languages up to and 
including program notations that support structured programming by offering 
a rendering of conditional and loop constructs. Regular threads are taken as the 
behaviours of programs in those program notations. Together with one of the 
program notations, the combination of basic thread algebra and data linkage 
dynamics can be used for studying issues concerning the use of dynamic data 
structures in programming at the level of programs. We mention one such issue. 
In general terms, the issue is whether we can do without garbage collection 
by program transformation at the price of a linear increase of the number of 
available atomic objects. In [9], we phrase this issue precisely for one of the 
program notation rooted in PGA. 

The notation for the basic actions of DLD, makes the focus- method notation 
f.m less suitable in the case where m is a basic action of DLD. Therefore, we 
will henceforth mostly write /(m) instead of f.m if m G ^4dld- 

7 The Shedding Feature 

In this section, we introduce the shedding feature in the setting of data linkage 
dynamics in an informal way. In Section 9, we will adapt the data linkage dy- 
namics services introduced in Section 6 to explain shedding in a more precise 
way. 

Roughly speaking, shedding works as follows: each time the content of a spot 
or field is changed, it is determined whether or not the spot or field will possibly 
be used once again, and if not its content is made undefined. If a spot or field is 
made undefined in this way, we say that it is shed. The use of a previously shed 
spot or field is called a shedding error. 

The shedding feature is rather non-obvious. Consider the thread 

dld(s !) o ((dld(u = s) o S) < dld(f !) > S) 

and assume that the cardinality of AtObj is 1. If s is not shed on performing s !, 
then a negative reply is produced on performing t ! and the thread terminates 
without having made use of s. However, from this it cannot be concluded that 
s could be shed on performing s ! after all. If s would be shed on performing s ! , 
a positive reply would be produced on performing t ! and after that a shedding 
error would occur. This shows that shedding becomes paradoxical if we do not 
deal properly with the fact that shedding of a spot or field influences whether 
or not that spot or field will possibly be used once again. 

In the light of this, it is of the utmost importance to have the right criterion 
for shedding in mind: 

a spot or field can safely be shed if it is not possible for the program 
behaviour under consideration to evolve in the case where that spot 



13 



or field is shed, irrespective as to whether other spots and helds are 
subsequently shed, in such a way that the first shedding error concerns 
that spot or field. 

When speaking about applications of this criterion, shedding errors that concern 
the spot or field to which the criterion is applied are called primary shedding 
errors and other shedding errors are called secondary shedding errors. 

In Section 6, it was explained how basic thread algebra can be combined 
with data linkage dynamics by means of the use mechanism from Section 5 
in such a way that the whole can be used for studying issues concerning the 
use of dynamic data structures in programming. For a clear apprehension of 
data linkage dynamics as presented in Section 3, such a combination is not 
needed. This is different for shedding: it cannot be explained without reference 
to program behaviours. In Section 9, we adapt the data linkage dynamics services 
involved in the combination described in Section 6 to explain shedding. 

For the adapted data linkage dynamics services, shedding happens to be a 
matter close to reflection on itself. Material to the adaptation is the above- 
mentioned criterion for shedding a spot or field. Instrumental in checking this 
criterion are the data linkage dynamics services for a minor variation of DLD. 
It concerns services which support the mimicking of shedding. 

8 Mimicking of Shedding 

The shedding supporting data linkage dynamics services, which will be intro- 
duced in Section 9, check the criterion for shedding adopted in Section 7 by 
determining what would happen if mimicking of shedding supporting data link- 
age dynamics services were used. In this section, we describe the mimicking of 
shedding supporting data linkage dynamics services in question. 

These services are data linkage dynamics services for a variation of DLD. 
The variation concerned, referred to as DLD msh , differs from DLD as follows: 

— it has two additional atomic objects * p and * s ; 

— for each s e Spot, it has two additional basic actions s — * p and s = * s ; 

— for each s e Spot and / 6 Field, it has two additional basic actions s.f = * p 
and s.f = * s ; 

— on performing s !, the contents of spot s never becomes * p or * s ; 

— on performing fgc, * p and * s are never reclaimed. 

If only locally deterministic spots and fields are involved, the additional basic 
actions can be explained as follows: 

— s = * p : the content of spot s becomes * p and the reply is T; 

— s = * s : the content of spot s becomes * s and the reply is T; 

— s.f = * p : if the content of spot s is an atomic object and / belongs to the 
fields of that atomic object, then the content of that field becomes * p and 
the reply is T; otherwise, nothing changes and the reply is F; 
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Table 6. Definition of effect and yield functions for DLD with mimicking of shedding 



eff™ h (m,L,p<f.m>q) = 




if 


rn 


£ ^DLD msl > 


eff™ h (m,L,p<f.m>q) = 


t 


if 


m 


4- ^DLD™ h 


yld msh (rn,L,p<f.m>q) = 


yidT(L) 


if 


rn 


G ^DLD m!h 


yld msh (m,L,p<f.m>q) = 


B 


if 


rn 


4 ^DLD msh 


yld™ h (m,L,p) = B =► e# msh (m, L,p) = t 









— s.f = * s : if the content of spot s is an atomic object and / belongs to the 
fields of that atomic object, then the content of that field becomes * s and 
the reply is T; otherwise, nothing changes and the reply is F. 

If not only locally deterministic spots and fields are involved in performing an 
action, there is no state change and the reply is F. 

The special atomic objects * p and * s are used as follows: 

— when checking of the criterion for some spot or field starts, the shedding of 
that spot or field is mimicked by setting its content to * p ; 

— during checking, the shedding of another spot or field is mimicked by setting 
its content to * s . 

If a spot or field is used whose content is * p , a mimicked primary shedding error 
is encountered and, if a spot or field is used whose content is * s , a mimicked 
secondary shedding error is encountered. 

Different sets of spots, sets of fields or sets of atomic objects give rise to 
different instances of DLA. The states of DLD arc the elements of the initial 
model of some instance of DLA. Because of the two additional atomic objects, 
the states of DLD msh are the elements of the initial model of another instance 
of DLA. Henceforth, we write T>C for the set of all elements of the initial model 
of former instance of DLA and VC msh for the set of all elements of the initial 
model of latter instance of DLA. In [9], we describe the state changes and replies 
that result from performing basic actions of DLD by means of a term rewrite 
system with rule priorities. It is obvious how that term rewrite system must be 
adapted to obtain a term rewrite system describing the state changes and replies 
that result from performing basic actions of DLD msh . For each basic action a of 
DLD msh , we write eff™ sh and yld™ sh for the effect and yield operators that go 
with a in the latter term rewrite system. Moreover, we write A DLD m S h for the 
set of all basic actions of DLD msh . 

Let L e £>£ msh U{t}- Then the mimicking of shedding supporting data linkage 
dynamics service with initial state L, written T>CD msh (L), is the service (VC msh U 
{t}, eff msh , yld msh , L), where the functions eff msh and yld msh are the effect and 
yield functions satisfying the equations in Table 6. 
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9 Shedding Supporting Data Linkage Dynamics Services 



In this section, we turn to the data linkage dynamic services that support shed- 
ding themselves. 

We assume that did G T . It is supposed that requests to a shedding support- 
ing data linkage dynamics service to process basic actions of DLD are always 
made using the focus did. We write f° r the set of all basic actions of DLD 

that are of the form s !, s = t, s.f = t or s = t.f. 

In the definition of shedding supporting data linkage dynamics services given 
below, we use an auxiliary function sh:AuLD ^4dld and a set shok C TxVC 

The function sh gives, for each basic action of DLD for changing the content 
of a spot or field, the basic action of DLD for making the content of that spot 
or field undefined. For each other basic action of DLD, sh gives the basic action 
itself. The function sh is defined as follows: 

sh(s !) = (s = *) , 
sh(s = t) = (s = *) , 
sh(s.f = t) = (s.f = *), 
sh(s = t.f) = (s = *) , 
sh(a) — a if a £ ^dld • 

In the definition of the set shok, we use an auxiliary function rush : {0, 1, 2} x 
Abld — > ^DLD msh an d, for each L E VC msh , sets nosherr(L), secmsherr(L) C 
Adld- 

The function msh gives, for each natural number in the set {0, 1, 2} and each 
basic action of DLD for changing the content of a spot or field: the basic action 
itself if the number is 0, the basic action of DLD msh for making the content of 
that spot or field * p if the number is 1, and the basic action of DLD msh for 
making the content of that spot or field * s if the number is 2. For each other 
basic action of DLD, msh gives always the basic action itself. The function msh 
is defined as follows: 

msh(0, a) = a , msh(i, a) = a if a £ j4dld i 

msh(l, s !) = (s = * p ) , msh(2, s\) = (s = * s ) , 



msh(l, s = t) = (s = * p ) , msh(2, s = t) = (s = * s 

msh(l, s.f = t) = (s.f = * p ) , msh(2, s.f = t) = (s.f ■■ 



msh(l, s = t.f) = (s = * p ) , msh(2, s = t.f) = (s = * s ) . 

For each L E VC msh , the set nomsherr(L) contains all basic actions a E Adld 
whose use in state L does not amount to a mimicked shedding error and the 
set secmsherr(L) contains all basic actions a E Adld whose use in state L 
amounts to a mimicked secondary shedding error. For each L E VC msh , the set 
nomsherr(L) is inductively defined as follows: 

— s !, s = * E nomsherr(L); 

— if L © (A a) = L, fl / * p and a ^ * s , 

then t = s, s == *, s/f, s\f, s \ f E nomsherr(L); 
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- if L © (A a) © (A 6) = L, a ^ * p , a ^ * s , & 7^ * p and 6 7^ * s , 
then s == t, s.f = t E nomsherr(L): 

- if L © (A a)ffi(n4i)) = L,(i/*p,a / * s , 6 7^ * p and 7^ * s , 
then i = s./ G nomsherr(L); 

and the set secmsherr(L) is inductively defined as follows: 

- if £ © (A * s ) = L, 

then t = s, s == t, t == s, s == *, s//, s\/, s | /, s./ = i, t.f = s, 
t = s.f G secmsherr(L); 

- if L © (A a) © (a -A * s ) = L, 
then t = s./ G secmsherr(L). 

The set s/iofc contains all pairs (p, i) G T x P£ such that, if the first action 
that is performed by p is an action of the form dld.m, where m is a basic action 
of DLD for changing the content of a spot or field, the criterion for shedding of 
that spot or field is met. The general idea underlying the definition of shok given 
below is that the criterion for shedding can be checked by mimicking shedding. 
In checking, all possibilities must be considered: 

- if an action of the form f.m with / ^ did is encountered, then two possibilities 
arise: (i) the reply is T and (ii) the reply is F; 

- if an action of the form dld.m with m a basic action of DLD of the form s !, 
s = t, s.f = t or s = t.f is encountered, then two possibilities arise: (i) the 
spot or field eligible for shedding is not shed and (ii) the spot or field eligible 
for shedding is shed. 

In general, this means that many paths must be followed. For regular threads, 
the number of paths to be followed will remain finite and eventually either ter- 
mination, deadlock, a mimicked primary shedding error, a mimicked secondary 
shedding error or a cycle without mimicked shedding errors will be encountered 
along each of the paths to be followed. The criterion for shedding is met if along 
each of the paths to be followed it is not a mimicked primary shedding error 
that is encountered first. For non-regular threads, it is undecidable whether the 
criterion for shedding is met. 

The set shok is defined by shok = shok' '(1,0), where the sets shok'(i,C) C 
T x VC msh for i G {0,1,2} and C C T x VC msh are defined by simultaneous 
induction as follows: 

- (S,L),(D,L) G shok'{i,C); 

- if / + did, 

(p, L) G shok'(0, CU{(p< f.m > q, L)}), 
(p, L) G shok' (2, CU{(p< f.m > q, L)}), 
(q,L) G shok'(0,C U {(p < f.m> q, L)}), 
(q, L) G shok' (2, CU{(p< f.m > q, L)}), 
then (p < f.m >q,L) G shok'(i, C); 
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Table 7. Definition of effect and yield functions for DLD with shedding 



eff Bh (m,L,p<f.m>q) 


= e ffsh(m) i L ) 


if m 


G Adld A (p < /.m > 5, L) G s/tofc 


eff sh (m,L,p<f.m>q) 




if m 


G Adld A (p < f.m >q,L) shok 


eff sh (m,L,p<f.m>q) 


= t 


if m 


4dld 


yld ah (m,L,p<f.m>q) 


= V ld S h(m)( L ) 


if m 


G Adld A (p < /.m > q, L) G sfrofc 


yld ah (m,L,p<f.m>q) 




if m 


G Adld A (p < f.m >q,L)g shok 


yld sh (m,L,p<f.m>q) 


= B 


if m 


£ 4dld 



yld Bh (m,L,p) = B =► eff Bh (m,L,p) = t 



— if m e nomsherr(L), 

(p < d\d.msh(i, m) > g) / d , d VCD msh (L) = tau o (r / d , d P£D msh (L')), 
(r, X') e sftofc'(0, C U {(p < dld.m > q, L)}), 
(r, L) e shok' (2, CU{(p< dld.m > q, L)}), 
then (p < dld.m > q, L) & shok'(i, C); 

— if to G secmsherr(L), 

then (p < dld.m > g, i) e shok'(i, C); 

— (X\E) eT, X = t x e € shok'{i,C), 
then ((X|£),L) g shok'(i,C); 

— if (p,L) G C, then (p, L) g shok'(i,C). 

In shok (i, C), i corresponds to the way in which a basic action of DLD for 
changing the content of a spot or field is dealt with in checking: 

— without mimicking of its shedding if i = 0; 

— with mimicking of its shedding by means of * p if i = 1; 

— with mimicking of its shedding by means of * s if i = 2. 

The members of C correspond to the combinations of thread and state encoun- 
tered before in checking. If such a combination is encountered again, this indi- 
cates a cycle without shedding errors because a path is not followed further after 
termination, deadlock, a mimicked shedding error or a cycle without mimicked 
shedding errors has been encountered. 

By the occurrence of the equation (p < did. msh{i, to) > q) / d | d VCD msh (L) = 
tau o (r / d | d VCD msh (L')) in the third rule of the inductive definition of the sets 
shok'(i, C), a service that is engaged in checking whether a pair (p, L) g T x DC 
belongs to shok is close to reflecting on itself. 

Now, we are ready to define, for L g 2?£U{t}, a data linkage dynamic service 
VCV sh (L) that supports shedding. 

Let L G 2?£U{t}. Then the shedding supporting data linkage dynamics service 
with initial state L, written VCV sh (L), is the service (VC U {t}, eff sh , yld sh , L), 
where the functions eff sh and yld sh are the effect and yield functions satisfying 
the equations in Table 7. 
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10 Examples 



In this section, we give two examples that illustrate how the definition of shed- 
ding supporting data linkage dynamics services can be used to determine whether 
in a fixed case a spot or field, whose contents should be changed, is shed. The first 
example concerns a case where a spot is shed and the second example concerns 
a case where a spot is not shed. 

Example 1. Let 

p = dld(s!)o(S<dld(i!)^D) , 
p' = S < d\d(t !) > D , 
p" = S<dld(t = * s )^ D . 

Thread p' is a residual thread of p and thread p" is p' with t ! replaced by t = * s 
to mimic shedding. Assume that the cardinality of AtObj is 1, and let a be the 
unique atomic object such that AtObj = {a}. Then in p /did UCD sh ($), spot s 
is shed on performing s\. This is straightforwardly shown using the definition 
of shedding supporting data linkage dynamics services. It follows immediately 
from the definition of nomsherr that: 

(s !) G nomsherr (0) , 
(t !) G nomsherr(—> * p ) , 

and it follows easily from the axioms for the use operators and the definition of 
mimicking of shedding supporting data linkage dynamics services that: 

p /did VCD sh (9) = tau o {p' /did VCV sh ( A * p )) , 

p> / d | d T>CD sh (A- * p ) = tau o (S /did V£V sh (( A * p ) © (4 a))) , 

p" /did VCV sh (A * p ) = tau o (S /did P£2? sh ((A * p ) © (A *„))) • 

Hence, by the definitions of shok' and shok: 

( P ',A* p )eshok'(0,{(p,<D)}), 

(p>,A* p )£shok'(2,{(p,®)}), 
(p,0) G a/w*'(l,0) , 
(p, 0) G s/ioA; . 

From this it follows by the definition of eff sh that eff sh (s !, 0,p) = eif sh(;s !} (0). 
On account of shedding, we have that 

p /did VCD sh {%) = tau o tau o S , 

whereas 

p /did V£D($) = tau o tau o D . 

The point is that a positive reply is produced on performing 1 1 only if spot s is 
shed on performing s !. 
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Example 2. Let 

p = dld(s !) o ((dld(u = s)o5)< d\d(t !) > S) , 
p' = (dld(« = s) oS) <dld(i!)^S , 
p" = dld(u = s) oS . 

Thread p is the same thread as the one discussed in Section 7 and threads p' 
and p" are residual threads of p. Assume again that the cardinality of AtObj 
is 1, and let a be the unique atomic object such that AtObj = {a}. Then in 
P /did X>£2? sh (0), spot s is not shed on performing s !. This is easily shown using 
the definition of shedding supporting data linkage dynamics services. It follows 
immediately from the definition of nomsherr, the definition of secmsherr, and 
basic set theory that: 

(u = s) nomsherr ((A * p ) © (A a)) , 
(u = s) secmsherr ((A * p ) © (A- a)) , 
(p", (A * p ) © (A a)) £ {(p, 0), (p', A * p )} , 

and it follows easily from the axioms for the use operators and the definition of 
mimicking of shedding supporting data linkage dynamics services that: 

p / d | d V£V sh (9) - tau o (p> /did VCV sh (A * p )) , 

p' / d | d T>CD sh (A * p ) - tau o (S / dld T>CD sh ((A * p ) © (4 a))) . 

Hence, by the definitions of s/ioA;' and sftofe: 

(P", (A * P ) © (A a)) shok'(0, {(p, 0), A * p )}) , 
(p',A*p)^ s ft o fc'(O,{(p,0)}), 
(p,0) ^a/w*'(l,0) , 
(p, 0) ^ s/iofc . 

From this it follows by the definition of eff sh that eff sh (s !, 0,p) = e# s! (0). 
11 Conclusions 

We have introduced shedding in the setting of data linkage dynamics and have 
adapted the data linkage dynamics services described in [9] so that they support 
shedding. The adaptation shows that the shedding feature is rather non-obvious. 
In particular, it is striking how much the matter is complicated by taking into 
consideration the semantic effects of the fact that the number of data objects 
that can exist at the same time is always bounded. 

We consider the work presented in this paper a semantic validation of shed- 
ding. It is an entirely different question whether a real implementation of shed- 
ding is of any use in practice. We have not answered this question. Empirical 
studies, see e.g. [17], indicate that in general a large part of the data objects 
that are reachable at a program point are actually not used beyond that point. 
However, the static approximation of shedding proposed in [18] might be more 
useful in practice. 
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In the definition of shedding supporting data linkage dynamics services, be- 
longing to shok corresponds to meeting the criterion for shedding. The set shok 
is defined using the idea of mimicked shedding. As a result, the description of 
the criterion for shedding looks to be rather concrete. It is an open question 
whether a more abstract description of the criterion for shedding can be given. 
If so, our concrete description should be correct with respect to that abstract 
description. 

In the case of shedding, the use of forecasting turns out to be semantically 
feasible. No restrictions are needed to preclude forecasting from introducing 
something paradoxical. This is certainly not always the case. For example, in the 
case of the halting problem, the use of forecasting is not semantically feasible, see 
e.g. [10], and in the case of security hazard risk assessment, the use of forecasting 
requires certain restrictions, see e.g. [6]. 
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